features

In Review

Just like POP3 or IMAP4.Blocking users from using SMTP auth when not needed (users with webmail only and/or mobile sync) would be a big plus for security (no more spam sent using brute-forced accounts or passwords gained through phishing).Even you consider it as a good security practice and suggest admins use it (in your SecOps tips on the wiki).However, instead of implementing the feature, you link a 2018 blog post that implies modifying postfix files on the server to block users. It has to be done in CLI, user per user. Hardly usable except on server with a little number of accounts (and even less creation/deletion of accounts).The blog author was already hoping in 2018 that you eventually implement the feature in the admin panel…Link: <a target="_blank" rel="noopener noreferrer nofollow" href="https://wiki.zimbra.com/wiki/Secopstips#Disable_smtp_authentication">https://wiki.zimbra.com/wiki/Secopstips#Disable_smtp_authentication</a>

Dago Olalere

Just like POP3 or IMAP4.Blocking users from using SMTP auth when not needed (users with webmail only and/or mobile sync) would be a big plus for security (no more spam sent using brute-forced accounts or passwords gained through phishing).Even you consider it as a good security practice and suggest admins use it (in your SecOps tips on the wiki).However, instead of implementing the feature, you link a 2018 blog post that implies modifying postfix files on the server to block users. It has to be done in CLI, user per user. Hardly usable except on server with a little number of accounts (and...

Klug - David T.

Just like POP3 or IMAP4.

Blocking users from using SMTP auth when not needed (users with webmail only and/or mobile sync) would be a big plus for security (no more spam sent using brute-forced accounts or passwords gained through phishing).

Even you consider it as a good security practice and suggest admins use it (in your SecOps tips on the wiki).

However, instead of implementing the feature, you link a 2018 blog post that implies modifying postfix files on the server to block users. It has to be done in CLI, user per user. Hardly usable except on server with a little number of accounts (and even less creation/deletion of accounts).

The blog author was already hoping in 2018 that you eventually implement the feature in the admin panel…

Link: [https://wiki.zimbra.com/wiki/Secopstips#Disable\_smtp\_authentication](https://wiki.zimbra.com/wiki/Secopstips#Disable_smtp_authentication)



Allow/disallow SMTP auth from the admin panel per account/CoS/domain

Subscribe to post